FBI serves subpoenas on Nmap creator

The FBI has been seeking information from the creator of the
network security scanner Nmap about a particular attacker who
they think may have visited the Nmap site at a given time.

Nmap creator Fyodor said in a posting to the nmap-hackers
mailing list that no reasons had been given to him when he was
served with the subpoenas.

"If they see that an attacker ran the command "wget
http://download.insecure.org/nmap/dist/nmap-3.77.tgz" from a
compromised host, they assume that she might have obtained that URL
by visiting the Nmap download page from her home computer," he
wrote.

Wget is a download tool used from the command line on Unix
boxes.

Nmap is widely regarded as the best scanner around. It is an
open source utility for network exploration or security auditing
and, though designed to rapidly scan large networks, works against
single hosts as well.

Fyodor said so far he had not given the FBI any information. "In
some cases, they asked too late and data had already been purged
through our data retention policy. In other cases, they failed to
serve the subpoena properly. Sometimes they try asking without a
subpoena and give up when I demand one."

Fyodor said nothing on his site, insecure.org, was illegal.
"Nmap was designed to help security - the criminals and spammers
put my work to shame! But the desirability of helping the FBI is
immaterial - I may be forced by law to comply with legal, properly
served subpoenas," he wrote.

"Most of you probably don't care if someone finds out that you
downloaded Nmap, Nessus, Hping2, John the Ripper, etc.... But for
those of you who do care, there are plenty of mechanisms available
to preserve your anonymity. Remember this security mantra: defense
in depth," he said.